In my previous article I made the argument that GRC (Governance, Risk Management & Compliance) is as relevant to the front office as it is to the back office. That the front lines of the business use GRC systems and need engaging user experiences.
It is not just the front lines though. All levels of the organization interact and use GRC technologies from taking assessments, reading policies, going through training, reporting incidents, evaluation reports, diving through dashboards, and more.
Employee engagement in GRC 3.0 requires GRC technologies to extend across the organization: Even to extended third party relationships such as vendor, suppliers, agents, contractors, outsourcers, services providers, consultants and temporary workers. To engage stakeholders at all levels of the organization requires GRC technologies are relevant, intuitive, easy to use and attractive. Employees live their personal and professional lives in a social-technology permeated world. GRC needs to engage employees and not frustrate or bore them. It has to be easy to use and interact with.
It has been stated that:
Any intelligent fool can make things bigger, more complex and more violent. It takes a touch of genius – and a lot of courage to move in the opposite direction.
A primary directive of GRC 3.0 is to provide GRC engagement that is simple yet gets the job done. Like Apple with its innovative technologies, organizations must approach GRC engagement in a way that re-architects the way it works as well as the way it interacts. The GRC 3.0 goal is simple; it is itself Simplicity. Simplicity is often equated with minimalism. Yet true simplicity is more than just absence of clutter or removal of embellishment. It’s about offering up the right GRC information, in the right place, when the individual needs it. It’s about bringing interaction and engagement to GRC process and data. GRC interactions should be intuitive.
I have been evaluating GRC technologies for twelve years now and find that many have average to poor user experiences. Even some of those who are recognized as GRC leaders who would have you believe that their platform could solve the worlds problems have interfaces that are overly complex, non-intuitive, confusing, and at times downright confounding.
What I am doing today is drawing attention to some examples of Engaging GRC – solutions that I think are delivering cutting edge interface design focused on intuitiveness, aesthetics, and engaging employees at all levels. However, this is not a blanket endorsement of these products. Some are very strong in what they do others are early on the journey of building out breadth and depth. Please do not see this as a blanket endorsement – it is not. I am happy to answer questions on any of these vendors listed and anyone else being considered by buyers in the GRC ecosystem of technologies.
Examples of the latest in GRC Engagement delivering intuitive and easy to use interfaces are as follows (in alphabetical order, there are other vendors that I think excel in GRC Engagement – these were selected as they had publicly accessible video that at some point in the video in these links has a view into their product I could comment on):
- ACL. This is one of my favorites – you have to click on the video icon to get the video that demos the product. Great use of white space, sidebars, clean interface, fonts, and graphics for navigation and context. Very clean interface. I particularly like the drag and drop risk tagging and moving things to different buckets/stages. Great reporting and dashboards with intuitive drill down capability for GRC intelligence.
- BitSight. The first minute and a half is one of the most brilliant marketing videos I have come across, once you get through this you get to the interface. I love the crispness of the reports, the different ways of representing data, the clean interface, and use of graphics in navigation and context.
- Compli. I wish this video showed more of the product other than a few quick glimpses. There is so much more to it. Clean interface. Great use of fonts and numbers. They have a video animation showing the drag and drop workflow but does not show the product itself and elegance of their implementation of this feature.
- Convercent. Beautiful interface with intuitive navigation and drill-down. Good use of white space, clean fonts, attractive colors, and clean graphics and reporting.
- CoreStream. Notice the clean use of fonts, not an overly busy interface, and the use of graphics icons for navigation and context.
- LockPath. This solution is delivering some very innovative and graphical concepts of interactive data visualization and relationship. The top panel has a play button where you can see innovation in the relationship and management of GRC data..
- StratexSystems. You have to scroll down to the bottom of the screen to get to the videos of the product itself. There is a lot in this product that makes it average from GRC Engagement, but it stands out in some of its navigation, use of fonts, graphics, and I particularly like the business organization layout and use of colors and shapes.
- The Network. Delivers a clean, elegant, and intuitive interface that minimizes the complexity of policy management. Great use of graphics, easy tagging, integration of video, interactive content with the written policy itself in the same interface.
- TrueOffice. This solution stands out as a prime example of GRC Gamification and connecting to employees through interactive content. I love what this company is doing in the niche of GRC that it delivers.
- TRUSTe. Great interface design, intuitive navigation, good use of fonts and white space as well as graphics.
- 360factors.com. This one unfortunately does not have a video and I about did not include it. It does have some screenshots that show the interface, good use of graphics for navigation and context, clean use of fonts and balance.